tcp port traffic graph

[newbie]

salam

how are u all!

i want to know is there any way to view a specific port traffic graph using mrtg or rrdtools.
like i want to see all the ftp traffic coming to ftp server.

thanks for reading.

[lambda]

you need a way to measure traffic, and report it in a format that mrtg (or rrdtools -- the better option) can use. some ftp servers write out a transfer log; you might want to try and massage that into a format you can use with rrdtools.

for my work sites, i use iptraf to log traffic. i set it up to watch http and smtp traffic (the big ones at work), and to log that to a file. i wrote a script that parses the output of iptraf, and runs rrdtool/rrdgraph.

it is a major hack, given that i have to start my script, start iptraf and have it run for 300 seconds, make my script sleep until iptraf ends, do the rrd ops, repeat. it does work, though, and flawlessly.

[farhantoqeer]

I dont know about this software much, but it sounds nice by its documents check out http://www.nagios.org/

[newbie]

thanks very much for ur replies.

lambda i think iptraf is the only easiest way to do this.There was a link at RRDtools site which explains how to use iptraf for rrdtools. but that link is now not working so please send me any doc if u have about it.

farhantoqeer i checked the screenshots of that software and it looks like something else. like its made to view the activity and uptimes of hosts.

[LinuxFreaK]

Dear Newbie,
Salam,

nTop Might Help you

Best Regards.

[newbie]

thanks i have tried that.
exactly not the thing i am looking for but not bad.

[lambda]

install iptraf, configure it with the filter you want. i run iptraf in a perl script like this:

Code: Select all

#!/usr/bin/perl -w

use strict;

my $t;

while (1) { 
  $t = time();
  system("iptraf -s eth0 -t 5 -L Log.$t -B");
  system("parse-log.pl /var/log/iptraf/Log.$t &");
 sleep(302);
}


exit(0);

this starts off iptraf. it runs for five minutes, then exits, writing out the log file.
the parse-log script sleeps for 5 minutes, then parses the log file.
and then this script repeats.

(i told you it was a hack)

i have iptraf to count smtp and http traffic, so my parse-log.pl script is:

Code: Select all

#!/usr/bin/perl -w

use bytes;
use strict;
use lib qw(/usr/local/rrdtool-1.0.45/lib/perl);
use RRDs;

my $fname = $ARGV[0];
my $httpkbits = 0;
my $smtpkbits = 0;
my $line;

my $tmp;
my $now;

($tmp, $now) = split(/\./, $fname);

# rrd file
my $traffic_rrd = "/var/db/rrd/traffic-web1.rrd";

# graphs we create
my $traffic_graph_h = "/web/naseeb/traffic-w1-hour.png";
my $traffic_graph_d = "/web/naseeb/traffic-w1-day.png";
my $traffic_graph_w = "/web/naseeb/traffic-w1-week.png";
my $traffic_graph_m = "/web/naseeb/traffic-w1-month.png";

sleep(302);

# parse log file for http/smtp traffic
open(L, "< $fname") or die "can't open $fname";
while (<L>) {
  chomp;
  $line = $_;
  if ($line =~ /^TCP\/80:.*, ([.\d]+) kbits\/s$/) {
    $httpkbits = $1;
  } elsif ($line =~ /^TCP\/25:.*, ([.\d]+) kbits\/s$/) {
    $smtpkbits = $1;
  }
}
close(L);

# insert data into the rrd file
RRDs::update($traffic_rrd, "$now:$httpkbits:$smtpkbits");

# graph the data
RRDs::graph("$traffic_graph_h", "--title", "Web1 Traffic", "-r",
            "--start", "now-2h", "--end", "now",
            "DEF:http=$traffic_rrd:http:AVERAGE",
            "DEF:smtp=$traffic_rrd:smtp:AVERAGE",
            "AREA:http#00FF00:http",
            "GPRINT:http:MAX:Max\\: %lg",
            "GPRINT:http:AVERAGE:Avg\\: %lg",
            "GPRINT:http:MIN:Min\\: %lg",
            "GPRINT:http:LAST:Cur\\: %lg",
            "COMMENT:\\s",
            "COMMENT:\\s",
            "STACK:smtp#0000FF:smtp",
            "GPRINT:smtp:MAX:Max\\: %lg",
            "GPRINT:smtp:AVERAGE:Avg\\: %lg",
            "GPRINT:smtp:MIN:Min\\: %lg",
            "GPRINT:smtp:LAST:Cur\\: %lg");

RRDs::graph("$traffic_graph_d", "--title", "Web1 Traffic", "-r",
            "--start", "now-25h", "--end", "now",
            "DEF:http=$traffic_rrd:http:AVERAGE",
            "DEF:smtp=$traffic_rrd:smtp:AVERAGE",
            "AREA:http#00FF00:http",
            "GPRINT:http:MAX:Max\\: %lg",
            "GPRINT:http:AVERAGE:Avg\\: %lg",
            "GPRINT:http:MIN:Min\\: %lg",
            "GPRINT:http:LAST:Cur\\: %lg",
            "COMMENT:\\s",
            "COMMENT:\\s",
            "STACK:smtp#0000FF:smtp",
            "GPRINT:smtp:MAX:Max\\: %lg",
            "GPRINT:smtp:AVERAGE:Avg\\: %lg",
            "GPRINT:smtp:MIN:Min\\: %lg",
            "GPRINT:smtp:LAST:Cur\\: %lg");

RRDs::graph("$traffic_graph_w", "--title", "Web1 Traffic", "-r",

            "--start", "now-192h", "--end", "now",
            "DEF:http=$traffic_rrd:http:AVERAGE",
            "DEF:smtp=$traffic_rrd:smtp:AVERAGE",
            "AREA:http#00FF00:http",
            "GPRINT:http:MAX:Max\\: %lg",
            "GPRINT:http:AVERAGE:Avg\\: %lg",
            "GPRINT:http:MIN:Min\\: %lg",
            "GPRINT:http:LAST:Cur\\: %lg",
            "COMMENT:\\s",
            "COMMENT:\\s",
            "STACK:smtp#0000FF:smtp",
            "GPRINT:smtp:MAX:Max\\: %lg",
            "GPRINT:smtp:AVERAGE:Avg\\: %lg",
            "GPRINT:smtp:MIN:Min\\: %lg",
            "GPRINT:smtp:LAST:Cur\\: %lg");

RRDs::graph("$traffic_graph_m", "--title", "Web1 Traffic", "-r",
            "--start", "now-840h", "--end", "now",
            "DEF:http=$traffic_rrd:http:AVERAGE",
            "DEF:smtp=$traffic_rrd:smtp:AVERAGE",
            "AREA:http#00FF00:http",
            "GPRINT:http:MAX:Max\\: %lg",
            "GPRINT:http:AVERAGE:Avg\\: %lg",
            "GPRINT:http:MIN:Min\\: %lg",
            "GPRINT:http:LAST:Cur\\: %lg",
            "COMMENT:\\s",
            "COMMENT:\\s",
            "STACK:smtp#0000FF:smtp",
            "GPRINT:smtp:MAX:Max\\: %lg",
            "GPRINT:smtp:AVERAGE:Avg\\: %lg",
            "GPRINT:smtp:MIN:Min\\: %lg",
            "GPRINT:smtp:LAST:Cur\\: %lg");

exit(0);

[newbie]

thanks a lot mr lambda for sharing.

unix + Perl rocks.